There are hundreds, if not thousands, of themes available for WordPress. However, when people hire a web designer, they usually expect – and receive – a custom-built theme. If the designer is a reputable one, he or she will have written one or more basic framework or “boilerplate” themes, which will be built out and customized to suit the needs of individual clients. If the designer is not so reputable, they may modify existing themes written by others, and pass them off as their own.
Custom is Good, Right?
Not necessarily. Clients are rarely aware of a very important fact: WordPress websites require ongoing maintenance. The WordPress “core” is updated multiple times a year, and some of those updates will be major. This means themes and plugins may also need to be updated to continue to work properly with WordPress.
However, loss of functionality is only one risk of running outdated themes, plugins, or WordPress versions. A much greater risk is that every hacker in the world becomes aware of security vulnerabilities as soon as they are addressed in updates. These hackers troll the internet looking for sites that are not updated. And they find them. About half of my clients come to me with existing sites that have not been updated in years, and 85% of those sites have been hacked.
What does this have to do with custom sites? Well, let’s compare the chronology of a custom theme with the chronology of a theme from the WordPress free theme repository. If you choose your free theme wisely, the theme author will monitor updates made to the WordPress core, and keep the theme compatible. Theme updates will become available through your WordPress dashboard, and the date of the most recent update will always be displayed on the theme’s description page at WordPress.org.
On the other hand, a relationship with a web designer is often limited term. They build the website, you pay them, and you go your separate ways. So what happens two years down the road when a WordPress update renders your theme vulnerable or inoperable?
If you have an ongoing contract with the person who designed your site that specifically includes theme monitoring and updates, you don’t have to worry about this. However, what if that relationship changes, or the developer changes focus? Finding someone else to monitor the theme may not be easy. Most web designers prefer to work with their own code, and are not very enthusiastic about diving into someone else’s.
If your company or organization is large enough to have staff with WordPress design skills (by which I mean people with advanced programming skills, not people who know how to create a blog post), and if your site is large and complex, with advanced functionality, a custom theme may be exactly what you need.
However, if your site is more modest, a well-maintained free theme with some custom CSS may produce a website that is just as suitable to your needs, and much easier to keep secure.